Published by Marcus Hines. Modified over 9 years ago.
1
DDoS Readiness Program
2
About Red Button
Red Button: A Leader in DDoS Consulting
Founded in 2014
Service based
Self funded
Founded by Ziv Gadot
– Formerly Radware ERT (Emergency Response Team) founder and manager
– 10 years at Radware, Check Point, Inter
– Participated in numerous DDoS mitigation defense MEDIAPPLICATIONS
3
DDoS
4
Brief History of DDoS
[Timeline chart: Intensity by year, 2010 to 2015]
OpPayback “wikileaks”, Dec 2010: DDoS Era First Bullet
OpAbabil, Sep 2012 - Oct 2013: The largest attack ever
Anonymous Attacks, 2011-12: DDoS is simple to generate
OpJustina, Boston Children Hospital, Jan 2014: Everyone can become a target
DDoS continues to be a Mainstream Attack
5
How to be Prepared for DDoS Attacks?
PREPARATION (before attack); QUICK RESPONSE (during attack)
Design & Execution; Response Validation; Emergency Response
Assessment; Gap Analysis; Design; POC; Game Plan; Mitigation Technologies Integration; Procedures; Training; Pen Test; War Games; 24/7 Emergency Response
Architecture & Design; Execution; On-going
6
Is this Really Done?
PREPARATION (before attack); QUICK RESPONSE (during attack)
Design & Execution; Response Validation; Emergency Response
Assessment; Gap Analysis; Design; POC; Game Plan; Mitigation Technologies Integration; Procedures; Training; Pen Test; War Games; 24/7 Emergency Response
Architecture & Design; Execution; On-going
✔ ✔ ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✔ ✘ ✘
7
Red Button Building Blocks
8
DDoS Readiness Score
9
Definition
“The ‘DDoS Readiness Score’ is an open standard representing how much DDoS pressure the organization can withstand prior to an outage, where 0 is none and 7 is any.”
10
DDoS Readiness Score
Attacks Sophistication; Attacks Volume
1 “poking”
2 “script kiddie”
3 “basic”
4 “sophisticated”
5 “APT”
6 “extreme”
7 “state sponsored”
11
‘Tsunami’ DDoS Simulation
12
‘Tsunami’ DDoS Simulation
13
DDoS Readiness Assessment Expert System (DRAES)
14
DDoS Readiness Assessment Expert System
Where are your assets located?
Are you using CDN?
What is your internet pipe size?
Which mitigation do you have in place?
Expert System
DDoS Readiness Score
15
Gap Analysis
16
DDoS Readiness Score (scale 1 to 7)
Score = 2.3
DDoS Readiness Assessment Expert System; Tsunami DDoS Simulation
Black-box; White-box
17
Gap Analysis
[Chart: Threat Level and DDoS Readiness Score, scale 1 to 7]
2.3; 5.7; Balanced Line; 3.7; Vertical Balanced Point
18
Design
19
Design
Chart values: 2.3, 3.7, 6.2, 5.0
Phase 1: Cost 5,000$ (once); Duration 3 weeks; Internal Resources 1 day; Uplift score 3.7
Phase 2: Cost 4000$ per month; Duration 8 weeks; Internal Resources 5 days; Uplift score 5.0
Phase 3: Cost 2000$ per month; Duration 5 weeks; Internal Resources 3 days; Uplift score 6.2
Action (Phase 3 to Phase 1): Purchase SSL protection; DDoS Simulation; Purchase Cloud mitigation; SOC Training; Existing device hardening
20
Red Button USP
PREPARATION (before attack); QUICK RESPONSE (during attack)
Design & Execution; Response Validation; Emergency Response
Assessment; Gap Analysis; Design; POC; Game Plan; Mitigation Technologies Integration; Procedures; Training; Pen Test; War Games; 24/7 Emergency Response
Architecture & Design; Execution; On-going
“We are Devoted to Provision All Required Building Blocks with Vendor Neutrality”
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘
21
DDoS Readiness Program “Solution-based packages to be ready for DDoS attacks”
22
DDoS Readiness
On-going Platinum; On-going Gold; Uplift Silver; Uplift Bronze
✔✔✔✔ Architecture & Design
✔✔✔ Design Execution
✔ On-going Validation
✔✔ Emergency Response
DDoS Readiness Program
Zero outage tolerance: Large organizations; Banks, ecommerce; Five nines
Reduce risks at reasonable costs: Medium size organizations; Protect reputation; Two nines
23
Red Button Resell Mitigation
Design & Execution; Response Validation; Emergency Response
Architecture & Design; Execution; On-going
Design
PS Only (customer by mitigation direction)
PS + Resell
✔ vendor neutral
Near vendor neutral
✔ Turn-key
✔ Cost reduction
24
Summary
25
Attack Vector Analysis
AFTER  BEFORE  DDoS Attack Vector
Game Plan; Automatic
Network / Volumetric
✔✔ ✔ SYN Flood
✔✔ ✘ RST flood
✔✔ ✘ UDP Flood
Application
✔✔ ✘ HTTP Flood
✔✔ ✔ HTTPS Flood
✔✘ ✘ DNS Reflective
✔✔ ✘ DNS Recursive
Low & Slow
✔✔ ✔ Slowloris
✔✔ ✘ R.U.D.Y.
✔✔ ✘ SSL Renegotiation
Good  Poor  Overall Readiness
26
DDoS Made Transparent
Management; CISO
We have visibility: We have understood and quantified our DDoS mitigation posture
We have already improved mitigation: We have improved mitigation by scale by hardening our existing technology and procedures with minimal investment
Management to decide on next step: Per business needs we can further improve our mitigation at quantified costs
Backup plan: Even if the decision is negative, we have a game-plan to minimize business impact under severe attack, buying time for another management decision
28
DDoS Mitigation Challenges
Higher Ground Perspective
“Bad news”
No one represents the customer’s genuine interest (customer is alone)
Customers are looking for a zero-touch solution
“Good news”
DDoS mitigation technology generally mature
Many mature organizations have at least one protection in place
Several experienced vendors
Technical Perspective
“Bad news”
No DDoS simulation (“no QA”)
Lack of procedures/protocols
Lack of training and war games
Poor POC process
“Good news”
Effective technologies: challenge, proxy, on-demand diversion, always-on diversion